﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false)]
public class DuffAuthorizeAttribute : AuthorizeAttribute
{
   public string _Role { get; set; }
   public override void OnAuthorization(AuthorizationContext filterContext)
   {
      base.OnAuthorization(filterContext);
      var ctx = filterContext.HttpContext;
      var name = ctx.User.Identity.Name;
      FormsAuthenticationTicket ticket =
      FormsAuthentication.Decrypt((filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName]).Value);
      if (ticket == null || ticket.Expired) return;
      var role = ticket.UserData;


      if (_Role != role) filterContext.Result = new HttpUnauthorizedResult();
   }
}